25 matches found
EUVD-2004-1464
Malware in sbrugna...
EUVD-2014-5778
Malware in sbrugna...
EUVD-2014-9373
Malware in sbrugna...
SnipSnap 'query' parameter cross-site scripting vulnerability
SnipSnap is a free, easy-to-install weblog and wiki tool written in Java. A cross-site scripting vulnerability exists in the SnipSnap 'query' parameter because the program fails to properly process user-supplied input. This allows an attacker to steal cookie-based authentication credentials an...
CVE-2014-9559
Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search...
CVE-2014-9559
CVE-2014-9559 affects SnipSnap versions 0.5.2a, 1.0b1, and 1.0b2. The issue is a cross-site scripting (XSS) vulnerability that arises from improper handling of user input in the SnipSnap search page, specifically via the query parameter to /snipsnap-search. This allows remote attackers to inject ...
CVE-2014-9559
Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search...
SnipSnap 0.5.2a / 1.0b1 / 1.0b2 Cross Site Scripting
CVE-2014-9559 SnipSnap XSS Cross-Site Scripting Security Vulnerabilities Exploit Title: SnipSnap /snipsnap-search? query Parameter XSS Product: SnipSnap Vulnerable Versions: 0.5.2a 1.0b1 1.0b2 Tested Version: 0.5.2a 1.0b1 1.0b2 Advisory Publication: Jan 30, 2015 Latest Update: Jan 30, 2015...
CVE-2014-5891
The SnipSnap Coupon App (aka com.snipsnap.snipsnapapp) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The SnipSnap Coupon App (aka com.snipsnap.snipsnapapp) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5891
The SnipSnap Coupon App (aka com.snipsnap.snipsnapapp) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5891
The CVE-2014-5891 entry concerns the SnipSnap Coupon App (com.snipsnap.snipsnapapp) for Android v1.1.11, where the app does not verify X.509 certificates from SSL servers. The underlying issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via crafted certifi...
SnipSnap 0.5.2 HTTP Response Splitting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11180/info SnipSnap is reported prone to an HTTP response splitting vulnerability. The issue exists in the 'referer' parameter. The issue presents itself due to a flaw in the application that allows an attacker to...
SnipSnap Wiki <= 1.0b3 XSS Vulnerability - Active Check
SnipSnap is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2012 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...
Snipsnap Cross Site Scripting
Exploit Title: Snipsnap "search" Cross Site Scripting Date: 8.02.2012 Author: Sony Software Link: http://snipsnap.org/space/start Google Dorks: inurl:/space/start intext:snipsnap Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...
Gentoo Security Advisory GLSA 200409-23 (snipsnap)
The remote host is missing updates announced in advisory GLSA 200409-23. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200409-23 (snipsnap)
The remote host is missing updates announced in advisory GLSA 200409-23. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2004-1470
The CVE-2004-1470 entry covers a CRLF injection vulnerability in SnipSnap, affecting SnipSnap 0.5.2a and other versions before 1.0b1. The issue enables HTTP Response Splitting to alter the server’s HTML output. Impact details are limited to the vulnerability allowing manipulation of content; expl...
CVE-2004-1470
CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server...